sudo Command in Bash Script

So I created a simple bash script to run on login.....


one of the commands is the following:


sudo "something something something"....



One thing I haven't learned in my years of Unix is how do you get a bash script to run a sudo command without having to enter a password? I know this is trivial, but just a quick 'this is how you do it' would be cool.


Thanks ahead of time on this really dumb question.

MacBook Pro, Mac OS X (10.7)

Posted on Jul 23, 2011 11:35 PM

5 replies

Jul 24, 2011 1:21 AM in response to Torn-Barb

There are a few ways to do this. Here are two (pick the method you like):


Method 1: Using "askpass".


With this you always do sudo -A command. The -A argument tells sudo to execute a command that echoes the password to stdout. That command is something you write. For this explanation let's call the command pw and stick it in /usr/local/bin. So its full pathname would be /usr/local/bin/pw.


sudo -A can get the pathname to pw a number of ways.


1. From the sudoers file.


Use visudo to add the following line to the sudoers file:


Defaults:ALL askpass=/usr/local/bin/pw


2. Using the SUDO_ASKPASS environment variable.


export SUDO_ASKPASS=/usr/local/bin/pw


This might work too (assuming SUDO_ASKPASS has been previously exported):


SUDO_ASKPASS=/usr/local/bin/pw sudo -A command


------------------------------------------------


Method 2: Have sudo read the password from stdin


echo -n password | sudo -S command


The -S option tells sudo to read the password from stdin so echo pipes it in (without the ending newline).

The only relatively secure scheme of these two methods is the askpass (-A) method. At least with that method you have a chance of encrypting/hiding your password down in the command that echoes it to stdout. The -S method would contain your password explicitly in a script somewhere unless you make other provisions to encrypt/hide it with that technique.
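Added example, not part of the reply above: one way to write the pw helper so that no password sits in a script, plus a permission check before sudo -A is allowed to use it. It assumes the macOS `security` command-line tool and a Keychain item under the constructed service name "sudo-askpass"; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumptions: the macOS `security` CLI, a Keychain item whose
# service name "sudo-askpass" is constructed here, created beforehand.
KEYCHAIN_SERVICE="sudo-askpass"

# Write the askpass helper to path $1. The helper holds no password: it asks
# the Keychain for the item and prints the secret on stdout for sudo -A.
write_askpass_helper() {
    cat > "$1" <<EOF || return 1
#!/bin/sh
exec security find-generic-password -s "$KEYCHAIN_SERVICE" -a "\$USER" -w
EOF
    chmod 700 "$1"
}

# Succeed only if $1 is an executable regular file (not a symlink), owned by
# the caller, and not writable by group or others. A helper that someone else
# can rewrite can capture the password it prints.
helper_is_safe() {
    [ -x "$1" ] || return 1
    [ -n "$(find "$1" -maxdepth 0 -type f -user "$(id -u)" \
            ! -perm -020 ! -perm -002 2>/dev/null)" ]
}

# Run "$@" through sudo -A with helper $1, refusing an unsafe helper.
sudo_with_askpass() {
    helper=$1
    shift
    if ! helper_is_safe "$helper"; then
        echo "refusing unsafe askpass helper: $helper" >&2
        return 1
    fi
    SUDO_ASKPASS=$helper sudo -A "$@"
}

# Usage (commented out so the file can be sourced without side effects):
#   write_askpass_helper /usr/local/bin/pw
#   sudo_with_askpass /usr/local/bin/pw command
```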

Jul 24, 2011 4:57 PM in response to X423424X

Alright, I'm lost, sorry I've tried to educate myself on how to do this, but I'm at a loss now.


I've been playing with an example bash script like so:


sudo ipfw add deny ip from 192.x.x.x/24 to 10.x.x.x


I've placed the practice script in my login options for my user account on my computer so when I reboot it runs, but does not complete because it's asking for a password. I've tried several variances to what you suggested, but I don't think I'm fully understanding the concept.


Any ideas or directions to lead me down the right rabbit hole?

Jul 24, 2011 6:15 PM in response to Linc Davis

Torn, when you said you want to run a bash script at login I took it you knew how to use the shell and knew that scripts are not applications which you can simply define as login items in the Accounts preferences. I thought my explanation of sudo was pretty clear if you wanted to use sudo without it requesting a password (using the -S or -A options). But if you really want to do this at startup, as a script, then you can create launchagents or startupitems. You probably should read the Apple doc "About Daemons and Services" to get you started.
